US REvil Ransomware Group Servers Hit by Hacking Technique It Uses to Compromise Targets

08:30  22 October 2021 Source: newsweek.com

REvil, the ransomware group that hacked into the U.S. Colonial Pipeline this past May, was itself hacked and shut down by a multinational cyber operation, according to an exclusive report from Reuters.

The ransomware group REvil has been shut down by the government using the same technique that it uses to hack into the servers of private companies. © iStock/Getty

The group was reportedly compromised using the same technique that brought down the Pipeline.

Officials from the Federal Bureau of Investigation (FBI), along with U.S. Cyber Command, worked with a number of other countries to bring down REvil as well as several other cybercrime groups.

In a recent internet forum post, one of the leaders of REvil, known only as 0_neday, wrote that "the server was compromised, and they were looking for me."

"Good luck, everyone; I'm off," 0_neday continued.

The shutdown by the government used a loophole in the ransomware's backup system, allowing law enforcement agencies to access REvil's servers and shut them down.

"REvil...restored the infrastructure from the backups under the assumption that they had not been compromised," said Oleg Skulkin, an official at the Russian security company Group-IB. "Ironically, the gang's own favorite tactic of compromising the backups was turned against them."
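The defensive lesson in the quote above is that a restore is only as trustworthy as the proof that the backup was not altered while it sat on a reachable system. The following is an added example (not from the Newsweek article, and not a description of how the REvil infrastructure actually worked) showing one way a defender can make that check explicit: a manifest of per-file SHA-256 digests is authenticated with an HMAC under a key held offline, and a restore refuses to proceed if the manifest tag, the file set, or any file content no longer matches. The key, file names and contents are constructed sample values.

```python
"""
Added example: refuse to restore from a backup whose contents cannot be shown
to be unmodified. Hypothetical design: a manifest (file -> SHA-256) is HMAC-
signed with a key kept offline; the restore path recomputes everything and
only trusts the data if all checks pass.
"""
import hashlib
import hmac
import json

# Constructed sample values: an "offline" signing key and a tiny backup set.
OFFLINE_KEY = b"constructed-demo-key"
BACKUP_FILES = {
    "config/server.conf": b"listen=0.0.0.0\n",
    "db/records.json": b'{"users": 3}\n',
}


def build_manifest(files, key):
    """Return (digests, tag): per-file SHA-256 hex digests and an HMAC-SHA256
    tag over their canonical JSON encoding. Done at backup time, with the key
    never stored next to the backup."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    encoded = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return digests, tag


def verify_backup(files, digests, tag, key):
    """Return (ok, reasons). Fails on a manifest that was re-signed without
    the key, on files added or removed since the manifest was made, and on
    any file whose content no longer hashes to its manifest entry."""
    reasons = []
    encoded = json.dumps(digests, sort_keys=True).encode()
    expected = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        reasons.append("manifest HMAC mismatch")
    if set(files) != set(digests):
        reasons.append("file set differs from manifest")
    for name in sorted(set(files) & set(digests)):
        if hashlib.sha256(files[name]).hexdigest() != digests[name]:
            reasons.append(f"content changed: {name}")
    return (not reasons, reasons)


def restore(files, digests, tag, key):
    """Return a copy of the files to restore, or None if verification failed.
    Nothing is written anywhere until every check has passed."""
    ok, _reasons = verify_backup(files, digests, tag, key)
    if not ok:
        return None
    return dict(files)


if __name__ == "__main__":
    digests, tag = build_manifest(BACKUP_FILES, OFFLINE_KEY)
    print("clean backup:", verify_backup(BACKUP_FILES, digests, tag, OFFLINE_KEY))
    altered = dict(BACKUP_FILES)
    altered["config/server.conf"] = b"listen=0.0.0.0\nextra=1\n"
    print("altered file:", verify_backup(altered, digests, tag, OFFLINE_KEY))
```

The point of the design is separation: whoever can change the backup store cannot also produce a valid tag, because the key never lives there. A manifest that is merely a hash list stored beside the data gives no such guarantee, since it can be regenerated to match any altered contents.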

Reuters has described REvil as "one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world."

The hacking of the Colonial Pipeline by REvil and another ransomware group, DarkSide, led to massive gasoline shortages and caused President Joe Biden to declare a state of emergency. The pipeline was only restored after Colonial Pipeline Company sent REvil $4.4 million.

REvil made headlines again in July when it hacked into software management company Kaseya, allowing the group to access the personal information of hundreds of the company's clients.

The White House National Security Council told Reuters that they were "undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors," but declined to comment specifically on the REvil operation.

usr: 3
This is interesting!